> > > I uncommented the above line and added the following to main.cf:
> > >
> > > smtpd_tls_security_level = may
> > >
> > > as instructed here:
> > >
> > > http://www.postfix.org/TLS_README.html#server_enable
> > >
> > > and restarted postfix, but I still can't send. In claws-mail, I tried
> > > specifying 587 and I'm specifying Use SSL for SSMTP. I'm guessing TLS
> > > isn't set up properly?
> >
> > You need more than that. My /etc/postfix/main.cf looks like this and
> > you'll need to create the actual certs listed below as well. I recommend
> > smtpd_tls_auth_only so that anyone trying to smtp auth is required to do
> > it over an encrypted session.
> >
> > # TLS stuff
> > smtpd_tls_security_level = may
> > smtpd_tls_auth_only = yes
> > smtpd_tls_key_file = /etc/postfix/newkey.pem
> > smtpd_tls_cert_file = /etc/postfix/newcert.pem
> > smtpd_tls_CAfile = /etc/postfix/cacert.pem
> > #smtpd_tls_loglevel = 3
> > #smtpd_tls_received_header = yes
> > smtpd_tls_session_cache_timeout = 3600s
> > tls_random_source = dev:/dev/urandom
> >
> > Additionally check to see what port Postfix is listening on. It's on
> > port 465 on my server and you'll need to set your mail client to SSL
> > rather than TLS.
>
> Thank you kashani. Now I'm getting "Relay access denied". I've been
> sending via squirrelmail running on the same server so I need to make
> an adjustment. What I'd like to do is allow relaying for any
> authenticated smtp client but I don't see any option for that in the
> main.cf comments. I tried adding "grant" to the postdrop group with
> no luck.

Is allowing relay access based on authentication not something postfix
does? It makes sense to me. How do you guys make the relay decision?

- Grant

> Here's my main.cf (I'm using postgrey):
>
> mydestination = mydomain.com
> setgid_group = postdrop
> smtpd_recipient_restrictions =
>         permit_mynetworks,
>         check_policy_service inet:127.0.0.1:10030
>         reject_unauth_destination,
>         permit
> virtual_alias_maps = hash:/etc/postfix/virtual
> message_size_limit = 20480000
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /etc/ssl/postfix/server.key
> smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
> smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> How does that look?
>
> - Grant

--
gentoo-user@lists.gentoo.org mailing list
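
An added example, not part of the original message: a small Python check that parses a main.cf and reports why an authenticated client would still be refused relay. It looks only at smtpd_recipient_restrictions, the parameter used above; permit_sasl_authenticated and smtpd_sasl_auth_enable are standard Postfix settings that do not appear in the thread, and the sample text is constructed from the quoted config.

```python
import re

# Constructed sample: the relevant lines of the main.cf quoted in the message.
SAMPLE_MAIN_CF = """\
mydestination = mydomain.com
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_policy_service inet:127.0.0.1:10030
    reject_unauth_destination,
    permit
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""

# Assumed correction (not from the thread): enable SASL, permit authenticated clients first.
FIXED_MAIN_CF = SAMPLE_MAIN_CF.replace(
    "permit_mynetworks,", "permit_mynetworks,\n    permit_sasl_authenticated,"
) + "smtpd_sasl_auth_enable = yes\n"

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def auth_relay_findings(params):
    """List reasons an authenticated client is refused relay or may authenticate in clear text."""
    findings = []
    rules = [t for t in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if t]
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not 'yes': SMTP AUTH is never offered")
    cut = rules.index("reject_unauth_destination") if "reject_unauth_destination" in rules else len(rules)
    if "permit_sasl_authenticated" not in rules[:cut]:
        findings.append("no permit_sasl_authenticated before reject_unauth_destination: "
                        "authenticated clients outside mynetworks get 'Relay access denied'")
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("smtpd_tls_auth_only is not 'yes': AUTH is offered without TLS")
    return findings

if __name__ == "__main__":
    for label, text in (("quoted", SAMPLE_MAIN_CF), ("fixed", FIXED_MAIN_CF)):
        print(label, auth_relay_findings(parse_main_cf(text)) or "ok")
```

The SASL backend that actually verifies passwords must be configured separately; this check only covers the relay decision and the TLS-only AUTH setting.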